Supercomputers hacked for cryptocurrency mining

Traces of infrastructure compromise and of malware installed for covert Monero (XMR) mining have been found in several large computing clusters at supercomputing centres in the UK, Germany, Switzerland and Spain. No full analysis of the incidents is available yet, but according to preliminary data the systems were compromised using credentials stolen from the machines of researchers who were entitled to run jobs on the clusters (many clusters have recently opened access to outside researchers studying the SARS-CoV-2 coronavirus and running process models related to COVID-19 infection). In at least one case, after gaining access to a cluster the attackers exploited CVE-2019-15666 in the Linux kernel (an out-of-bounds access in the XFRM/IPsec policy code) to obtain root privileges and install a rootkit.

Two incidents stand out in which the attackers used credentials captured from users at the University of Krakow (Poland), Shanghai Jiao Tong University (China) and the Chinese Academy of Sciences. The credentials belonged to participants in international research programmes and were used to connect to the clusters over SSH. Exactly how they were captured is still unclear, but on some (not all) of the systems of the users whose passwords leaked, modified SSH executables were found.

As a result, the attackers gained access to the UK cluster at the University of Edinburgh, ranked 334th in the Top500 list of supercomputers. Similar intrusions were subsequently detected in the clusters bwUniCluster 2.0 (Karlsruhe Institute of Technology, Germany), ForHLR II (Karlsruhe Institute of Technology, Germany), bwForCluster JUSTUS (Ulm University, Germany), bwForCluster BinAC (University of Tübingen, Germany) and Hawk (University of Stuttgart, Germany).

Cluster security incidents have also been confirmed at the Swiss National Supercomputing Centre (CSCS), the Jülich Research Centre (31st in the Top500), the University of Munich (Germany) and the Leibniz Supercomputing Centre (positions 9, 85 and 86 in the Top500). Reports received from staff about a compromise of the infrastructure of the Barcelona Supercomputing Center (Spain) have not yet been officially confirmed.

Analysis of the changes showed that two malicious files with the setuid bit set were uploaded to the compromised servers: "/etc/fonts/.fonts" and "/etc/fonts/.low". The first is a loader for running shell commands with root privileges; the second is a log cleaner that removes traces of the attackers' activity. Several techniques were used to hide the malicious components, including installation of the Diamorphine rootkit, loaded as a Linux kernel module. In one case mining was started only at night so as not to attract attention.

Once compromised, a host could be used for several roles: mining Monero (XMR), running a proxy (for communicating with the other mining hosts and with the server coordinating the mining), running a microSOCKS-based SOCKS proxy (to accept external connections over SSH), and SSH forwarding (the primary entry point, a compromised account on which address translation was configured to forward traffic into the internal network). When connecting to compromised hosts the attackers went through hosts running SOCKS proxies, and usually connected via Tor or other compromised systems.
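The two paragraphs above give three host-level indicators worth hunting for: setuid files dropped under /etc/fonts, dotfiles hidden in a configuration directory, and a kernel module (Diamorphine) that hides itself from lsmod. The script below is an added example written for this page, not tooling from the incident reports or from any of the affected centres. The setuid allowlist, the hypothetical script name hunt.sh and the /proc and /sys layout are assumptions; the sample layout in the usage note is constructed.

```shell
#!/bin/sh
# Added example (not from the incident reports): host checks for the
# artefact classes described above. Paths, the setuid allowlist and the
# procfs/sysfs layout are assumptions; tune them per site.

# 1. setuid files outside the directories that normally contain them.
#    Legitimate setuid binaries live in bin/sbin/lib trees; a setuid file
#    under etc/fonts (such as /etc/fonts/.fonts or /etc/fonts/.low) never
#    is. Paths are printed relative to the scan root so the same allowlist
#    works for "/" and for a mounted forensic image.
SUID_ALLOWLIST='^(usr/)?(local/)?s?bin/|^usr/lib(64|exec)?/'
find_unexpected_suid() {          # $1 = scan root (e.g. / or /mnt/image)
    find "$1" -xdev -type f -perm -4000 2>/dev/null \
        | sed "s|^${1%/}/||" \
        | grep -Ev "$SUID_ALLOWLIST" || true
}

# 2. Dotfiles in a configuration directory. Nothing in /etc/fonts should be
#    hidden; both the loader and the log cleaner were dotfiles there.
hidden_files_in() {               # $1 = directory to inspect
    find "$1" -mindepth 1 -name '.*' 2>/dev/null || true
}

# 3. Kernel modules hidden from lsmod. Diamorphine unlinks itself from the
#    kernel's module list, so it vanishes from /proc/modules, but its
#    /sys/module/<name> directory stays behind. A name that has an
#    'initstate' file in sysfs (present only for loadable modules that were
#    actually loaded; built-ins have none) and no line in /proc/modules is
#    suspicious.
hidden_modules() {                # $1 = /proc/modules (or a saved copy), $2 = /sys/module
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    for d in "$2"/*; do
        [ -e "$d/initstate" ] || continue
        name=${d##*/}
        grep -q "^$name " "$1" || echo "$name"
    done
}

# Run all checks against a root directory. On a live host a kernel rootkit
# can lie to every userspace tool, so prefer a mounted image or a clean boot.
# Usage: sh hunt.sh /            or        sh hunt.sh /mnt/image
if [ $# -ge 1 ]; then
    root=${1%/}
    echo "== unexpected setuid files under $1"
    find_unexpected_suid "$1"
    echo "== hidden files in $root/etc/fonts"
    hidden_files_in "$root/etc/fonts"
    # /proc and /sys exist only on a live system or in saved copies
    if [ -r "$root/proc/modules" ]; then
        echo "== modules present in sysfs but missing from /proc/modules"
        hidden_modules "$root/proc/modules" "$root/sys/module"
    fi
fi
```

Run it as root so find can traverse every directory; a constructed tree containing a setuid etc/fonts/.fonts, a setuid usr/bin/sudo and a sys/module/diamorphine entry that is absent from proc/modules reports only the /etc/fonts file and the diamorphine module. The module check is the one a Diamorphine-style rootkit cannot defeat by editing the module list alone, but a rootkit that also hooks getdents can hide files from the first two checks, which is why the caveat about scanning from a clean boot or a mounted image matters.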

source: budenet.ru